Netgate SG-1100 set up best practice with home gateway for IP Phone?

ChapInTokyo · Sep 27, 2023, 2:59 AM

Hi, my first time on this forum. I would like to use my Netgate SG-1100 as the router/firewall/DHCP server/VPN server in my network, while keeping my phone company's Home Gateway device for its IP Phone functions.

I have made it work by connecting the devices like this:

Phone line -- VDSL terminal device -(WAN DHCP)HOME GATEWAY with PPPoE BRIDGE turned on(LAN 192.168.1.1)-- (WAN DHCP)SG-1100(LAN 192.168.10.1/DHCP server range 192.168.10.0 255.255.255.0) -- Ethernet Switch connected to Wi-Fi router on bridge mode, printer, smart TV, PCs etc.

After doing a factory reset on the Home Gateway so that it would no longer have the connection information for my provider, and turning its PPPoE bridge mode "on", and its DHCP server and UPnP settings to "off" and its LAN port to "192.168.1.1", and setting up SG-1100's WAN to DHCP, everything including the IP Phone connected to the Home Gatway seems to work just fine.

Could you please let me know whether there are any potential issues with my setup as above? It is the first time I have had to use both a firewall/router/VPN device like the Netgate with my broadband provider's Home Gateway and am still feeling my way. Thanks for your help!

stephenw10 · Sep 27, 2023, 1:31 PM

A double NAT setup like will work fine for most situations. It makes setting up port forwards more difficult. It breaks UPnP forwarding if you need that.

When enabling the PPPoE bridge mode in the gateway device I would expect pfSense to have to run the PPPoE session. It would then get the public IP directly on the pfSense WAN so would only be a single NAT.
However in that setup the IP phone may not work because that requires the gateway device to have a public IP.

Steve

ChapInTokyo · Sep 28, 2023, 7:01 AM

@stephenw10 Thanks Steve! In the setup that I'm currently using, the Netgate SG-1100 is running the PPPoE session with my ISP and it's WAN port has been assigned a dynamic global address automatically by the ISP's DHCP server.

I might be lucky because the Home Gateway (which is connected between my VDSL adapter and my SG-1100) seems to have no trouble connecting with the phone company's IP Phone server automatically even though the WAN address has been assigned to the SG-1100 rather than to the Home Gateway (fyi the Home Gateway is a box called the RX-600KI from NTT East Japan). I am imagining that the IP Phone might be working on a WAN address assigned by the phone company's server rather than the WAN address assigned by my ISP but this is just a wild guess.

In any case, since everything so far is working ok I guess my next step is to see whether OpenVPN will work with the SG-1100 behind the Home Gateway in PPPoE bridge mode! (I'm currently setting up the PfBlockerNG and the FreeRADIUS parts...). Thanks again for your reassuring words!

Chap in Tokyo

stephenw10 · Sep 28, 2023, 12:13 PM

Ah, nice. That's a good result then. Yes they must be using some thing out of band for the IP phone, which is good.